book

Securing SQL Server, 3rd Edition

Name: Securing SQL Server, 3rd Edition
Author: Denny Cherry
ISBN: 9780128013755

by Denny Cherry

April 2015

Intermediate to advanced

462 pages

13h 59m

English

Syngress

Read now

Unlock full access

Cover
Title page
Table of Contents
Copyright
Dedication
Author Biography
Technical Editor Biography
Acknowledgments
Introduction
Chapter 1: Identifying Security Requirements
AbstractWhat are Security Objectives?When Should Security Objectives been Identified?How to Identify Security Objectives?

Chapter 2: Securing the Network
AbstractSecuring the NetworkPublic IP Addresses versus Private IP AddressesvLANsAccessing SQL Server from HomePhysical SecuritySocial EngineeringFinding the InstancesTesting the Network SecurityAntivirus Installation on SQL ServersSummary
Chapter 3: Key Management
AbstractService Master KeyDatabase Master KeyEncryption Password ManagementEnterprise Key ManagementHigh Availability and Disaster Recovery for Key ManagementConclusions
Chapter 4: Database Encryption
AbstractDatabase EncryptionEncrypting Data within TablesEncrypting Data at RestEncrypting Data on the WireEncrypting Data with MPIO DriversEncrypting Data via HBAsSummary
Chapter 5: SQL Password Security
AbstractLogin TypesSQL Server Password SecurityStrong PasswordsPassword Change PoliciesRenaming the SA AccountDisabling the SA AccountUsers versus LoginsContained Database Users in SQL Server 2012 and BeyondSchemasEncrypting Client Connection StringsApplication RolesUsing Windows Domain Policies to Enforce Password LengthContained UsersSummary
Chapter 6: Securing the Instance
AbstractWhat to Install, and When?SQL Authentication and Windows AuthenticationPassword Change PoliciesAuditing Failed LoginsRenaming the SA AccountDisabling the SA AccountSecuring EndpointsStored Procedures as a Security MeasureMinimum Permissions PossibleInstant File InitializationLinked ServersUsing Policies to Secure Your InstanceSQL Azure Specific SettingsInstances that Leave the OfficeSecuring AlwaysOn Availability GroupsSecuring Contained DatabasesSQL CLRExtended Stored ProceduresProtecting Your Connection StringsDatabase FirewallsClear Virtual Memory PagefileUser Access Control (UAC)Other Domain Policies to AdjustSummary
Chapter 7: Analysis Services
AbstractLogging into Analysis ServicesSecuring Analysis Services ObjectsSummary
Chapter 8: Reporting Services
AbstractSetting up SSRSSecurity within Reporting ServicesReporting Services Authentication OptionsReport Server Object RightsSummary
Chapter 9: SQL Injection Attacks
AbstractWhat is an SQL Injection Attack?Why are SQL Injection Attacks so Successful?How to Figure out you have been AttackedHow to Protect Yourself from an SQL Injection AttackCleaning up the Database after a SQL Injection AttackOther Front end Security IssuesUsing xEvents to Monitor for SQL InjectionSummary
Chapter 10: Database Backup Security
AbstractOverwriting BackupsMedia set and Backup set PasswordsBackup EncryptionTransparent Data EncryptionCompression and EncryptionOffsite BackupsSummary
Chapter 11: Storage Area Network Security
AbstractSecuring the ArraySecuring the Storage SwitchesSummary
Chapter 12: Auditing for Security
AbstractLogin AuditingData Modification AuditingData Querying AuditingSchema Change AuditingUsing Policy-based Management to Ensure Policy ComplianceC2 AuditingCommon Criteria ComplianceSummary
Chapter 13: Server Rights
AbstractSQL Server Service Account ConfigurationOS Rights Needed by the SQL Server ServiceOS Rights Needed by the DBAOS Rights Needed to Install Service PacksOS Rights Needed to Access SSIS RemotelyConsole Apps Must DieFixed Server RolesUser Defined Server RolesFixed Database RolesUser-defined Database RolesDefault Sysadmin RightsVendor’s and the Sysadmin Fixed Server RoleSummary
Chapter 14: SQL Server Agent Security
AbstractProxiesSQL Agent Job StepsGranting Rights to ProxiesJob OwnershipSummary
Chapter 15: Securing Data
AbstractGRANTing RightsDENYing RightsREVOKEing RightsTable and view PermissionsStored Procedure PermissionsSigning Stored Procedures, Functions and TriggersFunction PermissionsService Broker ObjectsSeparation of DutiesSummary
Appendix A: External Audit Checklists
Subject Index

Overview

SQL server is the most widely-used database platform in the world, and a large percentage of these databases are not properly secured, exposing sensitive customer and business data to attack.

In Securing SQL Server, Third Edition, you will learn about the potential attack vectors that can be used to break into SQL server databases as well as how to protect databases from these attacks. In this book, Denny Cherry - a Microsoft SQL MVP and one of the biggest names in SQL server - will teach you how to properly secure an SQL server database from internal and external threats using best practices as well as specific tricks that the author employs in his role as a consultant for some of the largest SQL server deployments in the world.

Fully updated to cover the latest technology in SQL Server 2014, this new edition walks you through how to secure new features of the 2014 release. New topics in the book include vLANs, setting up RRAS, anti-virus installs, key management, moving from plaintext to encrypted values in an existing application, securing Analysis Services Objects, Managed Service Accounts, OS rights needed by the DBA, SQL Agent Security, Table Permissions, Views, Stored Procedures, Functions, Service Broker Objects, and much more.

Presents hands-on techniques for protecting your SQL Server database from intrusion and attack
Provides the most in-depth coverage of all aspects of SQL Server database security, including a wealth of new material on Microsoft SQL Server 2014.
Explains how to set up your database securely, how to determine when someone tries to break in, what the intruder has accessed or damaged, and how to respond and mitigate damage if an intrusion occurs.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Securing SQL Server: DBAs Defending the Database

Publisher Resources

ISBN: 9780128012758

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills